Security Audit RLM
Use this skill to operate audit.py as a tool-driven RLM workflow for large repositories.
Repository: https://github.com/mitkox/megacode
Execute
- Verify prerequisites:
  - deno --version
  - model endpoint is reachable (default http://localhost:8000/v1)
- Run a baseline audit:
  - AUDIT_VERBOSE=1 python audit.py --source-root <repo-path>
- Confirm outputs:
  - security_audit_report.md
  - security_audit_metadata.json
  - security_audit_manifest.jsonl
Tune For Large Legacy Repos
- Lower planner churn:
  - --max-iterations 8..12
  - --rlm-max-llm-calls 60..100
- Bound REPL noise:
  - --rlm-max-output-chars 15000..30000
- Bound tool payloads:
  - --tool-max-lines 200..400
  - --tool-max-chars 20000..40000
  - --search-max-files 800..2000
  - --search-max-matches 200..600
- Control runtime:
  - --timeout-seconds 600..1800
  - --retries 1..2
Operating Rules
- Keep analysis local when privacy constraints require it.
- Use RLM tool access, not full-context repository injection.
- Keep intermediate output concise and deterministic.
- Prioritize high-severity findings with file/line evidence and concrete fixes.
Troubleshooting
- If run appears stalled:
  - enable verbose mode
  - reduce --max-iterations
  - reduce --rlm-max-output-chars
- If model truncates:
  - raise --lm-max-tokens if backend supports it
  - reduce tool output and iteration count
- If path/file access errors appear in RLM steps:
  - ensure tool-only repository access is used by the audit flow
  - re-run after confirming current audit.py includes list_manifest/read_file/search_pattern tools
Deliverable Format
Ensure report sections remain:
- Executive Summary
- Critical Findings (CRITICAL/HIGH)
- Other Findings (MEDIUM/LOW)
- Remediation
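
One way to automate the "Confirm outputs" step and the section check above after a run. This is an added example, not part of audit.py or the megacode repository. It assumes the report marks its sections with Markdown "#" headings whose text contains the titles listed here, and that the three output files sit in one directory.

```python
import json
import re
from pathlib import Path

# Section titles this page requires, in the order it lists them.
REQUIRED = ["Executive Summary", "Critical Findings (CRITICAL/HIGH)",
            "Other Findings (MEDIUM/LOW)", "Remediation"]
# File names this page lists under "Confirm outputs".
REPORT, METADATA, MANIFEST = ("security_audit_report.md",
                              "security_audit_metadata.json",
                              "security_audit_manifest.jsonl")
HEADING = re.compile(r"^#{1,6}\s+(.+?)\s*$")  # assumption: ATX Markdown headings
FENCE = "`" * 3


def check_report(text):
    """Return problems with the report's section layout (empty list = OK)."""
    headings, in_fence = [], False
    for line in text.splitlines():
        if line.lstrip().startswith(FENCE):
            in_fence = not in_fence  # skip '#' comment lines inside code fences
        elif not in_fence and (m := HEADING.match(line)):
            headings.append(m.group(1).lower())
    problems, last = [], -1
    for title in REQUIRED:
        hits = [i for i, h in enumerate(headings) if title.lower() in h]
        later = [i for i in hits if i > last]
        if not hits:
            problems.append(f"missing section: {title}")
        elif not later:
            problems.append(f"section out of order: {title}")
        else:
            last = later[0]
    return problems


def check_outputs(out_dir="."):
    """Check the three audit output files in out_dir (empty list = OK)."""
    out = Path(out_dir)
    problems = [f"missing output: {n}" for n in (REPORT, METADATA, MANIFEST)
                if not (out / n).is_file()]
    if problems:
        return problems
    problems = check_report((out / REPORT).read_text(encoding="utf-8"))
    records = [(METADATA, 1, (out / METADATA).read_text(encoding="utf-8"))]
    lines = (out / MANIFEST).read_text(encoding="utf-8").splitlines()
    records += [(MANIFEST, n, s) for n, s in enumerate(lines, 1) if s.strip()]
    for name, n, blob in records:
        try:
            json.loads(blob)
        except json.JSONDecodeError:
            problems.append(f"{name}: invalid JSON at record {n}")
    return problems
```

An empty list from check_outputs means all three files exist, the JSON parses, and the four report sections appear in order; a truncated model response typically shows up as a missing trailing section.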